Videos

  • Add Videos
  • View All

Top Content 

1 Count failures and success via transaction

Count failures and success via transaction

Latest Activity

Profile IconWilliam S and Please... Dee Esssss :-) joined splunkninja
1 hour ago
Amine Recoba is now a member of splunkninja
yesterday
Welcome Them!
Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"?  If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it.   Paste some samples and…"
Friday
Linus Myrefelt updated their profile
May 22
Marie updated their profile
May 21
Marie is now a member of splunkninja
May 21
Welcome Them!
Profile IconJitter and matthew arguin joined splunkninja
May 18
Profile IconMatthew Carter and Nikita joined splunkninja
May 17
harish
  • New York, NY
  • United States
Share on Facebook Share on Facebook Share Twitter

harish's Discussions

Splunk equivalent of the *nix 'cut -d' ' -f1-5
3 Replies

Hello,I just started playing with splunk. I looked thru the docs and unable to find any commands that allow me to do the *nix equivalent of 'cut -d' ' -f1,5'Any comments appreciatedThanksHarishContinue

Started this discussion. Last reply by Michael Wilde Nov 13, 2009.

 

harish's Page

Gifts Received

Gift

harish has not received any gifts yet

Give harish a Gift

Latest Activity

Michael Wilde replied to harish's discussion Splunk equivalent of the *nix 'cut -d' ' -f1-5
"You may want to give the "Extract Fields" option on the event menu (right next to each event's timestamp. It will build a regex for you and persist it--so its always extracted... However, if you're event structure is basically…"
Nov 13, 2009
harish replied to harish's discussion Splunk equivalent of the *nix 'cut -d' ' -f1-5
"Micheal I search for "SiteWs" and get the below event "Timestamp: 11/12/2009 2:09:41 PM Title: (SiteWS) Message: [@SiteIdService getWebServiceResult()] [SessionID: 5wrjjxk0osv33k] [TheNewCustomer:…"
Nov 13, 2009
Michael Wilde replied to harish's discussion Splunk equivalent of the *nix 'cut -d' ' -f1-5
"Harish.. Are you attempting to do field extraction---a well written regex should be able to reproduce what you want... Got a sample? Post it and we'll see if we can figure it out."
Nov 12, 2009
harish posted a discussion

Splunk equivalent of the *nix 'cut -d' ' -f1-5

Hello,I just started playing with splunk. I looked thru the docs and unable to find any commands that allow me to do the *nix equivalent of 'cut -d' ' -f1,5'Any comments appreciatedThanksHarishSee More
Nov 12, 2009
3 Comments
harish is now a member of splunkninja
Nov 12, 2009
Welcome Them!

Profile Information

Are you an existing splunk user?
Free
What do you do for your day job?
Lost

Comment Wall

  • No comments yet!

You need to be a member of splunkninja to add comments!

Join splunkninja

 
 
 

© 2012   Created by Michael Wilde.

Badges  |  Report an Issue  |  Terms of Service